Sudo Vulnerability CVE-2025-32463 Actively Exploited in Linux and Unix Systems
Summary
A critical security flaw in the Sudo command-line utility for Linux and Unix-like operating systems, identified as CVE-2025-32463, is being actively exploited. The vulnerability affects Sudo versions 1.9.14 through 1.9.17 and allows local attackers to run arbitrary commands as root, even if they are not listed in the sudoers file; it has received a critical severity score of 9.3 out of 10. The flaw was disclosed by Stratascale researcher Rich Mirch in July 2025 and added to CISA's Known Exploited Vulnerabilities (KEV) catalog on September 30, 2025. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has advised Federal Civilian Executive Branch (FCEB) agencies to apply the necessary mitigations by October 20, 2025, to secure their networks. A proof-of-concept exploit for CVE-2025-32463 was released on July 4, 2025, and additional exploits have circulated publicly since July 1, 2025.
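A version check that defenders can run across their hosts, added here as an example and not code from the advisories cited on this page: it parses `sudo --version` output and flags any version from 1.9.14 up to but not including 1.9.17p1, the affected range and fix release the page reports. The function names and the sample version strings are constructed for the example.

```python
import re
import subprocess
from typing import Optional, Tuple

# Affected range reported on the page: 1.9.14 through 1.9.17.
# 1.9.17p1 is the first release the page describes as not affected.
AFFECTED_MIN = (1, 9, 14, 0)
FIXED = (1, 9, 17, 1)  # 1.9.17p1

# sudo numbers point releases with a "pN" suffix, e.g. 1.9.17p1.
_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)(?:p(\d+))?")


def parse_sudo_version(text: str) -> Optional[Tuple[int, int, int, int]]:
    """Extract (major, minor, patch, p-level) from `sudo --version` output.

    A version without a "pN" suffix gets p-level 0, so 1.9.17 sorts
    before 1.9.17p1 and is correctly treated as unfixed.
    """
    m = _VERSION_RE.search(text)
    if not m:
        return None
    major, minor, patch, plevel = m.groups()
    return (int(major), int(minor), int(patch), int(plevel or 0))


def is_affected(version: Tuple[int, int, int, int]) -> bool:
    """True if the version lies in the half-open range [1.9.14, 1.9.17p1)."""
    return AFFECTED_MIN <= version < FIXED


def assess(text: str) -> str:
    """Turn raw `sudo --version` output into a one-line verdict."""
    v = parse_sudo_version(text)
    if v is None:
        return "unknown: could not parse a sudo version from output"
    label = "%d.%d.%d" % v[:3] + (f"p{v[3]}" if v[3] else "")
    if is_affected(v):
        return f"AFFECTED: sudo {label} is within 1.9.14..1.9.17; upgrade to 1.9.17p1 or later"
    return f"not affected: sudo {label}"


def check_local_sudo() -> str:
    """Run `sudo --version` on this host; printing the version needs no privileges."""
    try:
        out = subprocess.run(["sudo", "--version"], capture_output=True,
                             text=True, check=False).stdout
    except FileNotFoundError:
        return "unknown: sudo not installed"
    return assess(out)


if __name__ == "__main__":
    # Constructed sample outputs in the shape of the first line `sudo --version` prints.
    samples = [
        "Sudo version 1.9.13p3\nSudoers policy plugin version 1.9.13p3\n",
        "Sudo version 1.9.14\n",
        "Sudo version 1.9.17\n",
        "Sudo version 1.9.17p1\n",
        "Sudo version 1.9.17p2\n",
    ]
    for s in samples:
        print(assess(s))
    print(check_local_sudo())
```

One caveat for fleet use: distribution packages often backport a fix while keeping the upstream version number, so a version string alone can produce false positives on vendor-patched builds; treat an "AFFECTED" result as a prompt to confirm against the distribution's package changelog or advisory rather than as proof of exposure.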
Timeline
30.09.2025 08:41 · 2 articles
Sudo Vulnerability CVE-2025-32463 Actively Exploited
The flaw affects sudo versions 1.9.14 through 1.9.17. The vulnerability has received a critical severity score of 9.3 out of 10. A proof-of-concept exploit for the CVE-2025-32463 flaw was released on July 4, 2025, and additional exploits have circulated publicly since July 1, 2025.
Sources:
- CISA Sounds Alarm on Critical Sudo Flaw Actively Exploited in Linux and Unix Systems — thehackernews.com — 30.09.2025 08:41
- CISA warns of critical Linux Sudo flaw exploited in attacks — www.bleepingcomputer.com — 30.09.2025 16:42
Information Snippets
The vulnerability CVE-2025-32463 affects Sudo versions prior to 1.9.17p1.
First reported: 30.09.2025 08:41 (2 sources, 2 articles). Sources:
- CISA Sounds Alarm on Critical Sudo Flaw Actively Exploited in Linux and Unix Systems — thehackernews.com — 30.09.2025 08:41
- CISA warns of critical Linux Sudo flaw exploited in attacks — www.bleepingcomputer.com — 30.09.2025 16:42
The flaw allows local attackers to run arbitrary commands as root, even if they are not listed in the sudoers file.
First reported: 30.09.2025 08:41 (2 sources, 2 articles). Sources:
- CISA Sounds Alarm on Critical Sudo Flaw Actively Exploited in Linux and Unix Systems — thehackernews.com — 30.09.2025 08:41
- CISA warns of critical Linux Sudo flaw exploited in attacks — www.bleepingcomputer.com — 30.09.2025 16:42
The vulnerability was disclosed by Stratascale researcher Rich Mirch in July 2025.
First reported: 30.09.2025 08:41 (2 sources, 2 articles). Sources:
- CISA Sounds Alarm on Critical Sudo Flaw Actively Exploited in Linux and Unix Systems — thehackernews.com — 30.09.2025 08:41
- CISA warns of critical Linux Sudo flaw exploited in attacks — www.bleepingcomputer.com — 30.09.2025 16:42
CISA added the vulnerability to its Known Exploited Vulnerabilities (KEV) catalog on September 30, 2025.
First reported: 30.09.2025 08:41 (2 sources, 2 articles). Sources:
- CISA Sounds Alarm on Critical Sudo Flaw Actively Exploited in Linux and Unix Systems — thehackernews.com — 30.09.2025 08:41
- CISA warns of critical Linux Sudo flaw exploited in attacks — www.bleepingcomputer.com — 30.09.2025 16:42
FCEB agencies are advised to apply mitigations by October 20, 2025.
First reported: 30.09.2025 08:41 (2 sources, 2 articles). Sources:
- CISA Sounds Alarm on Critical Sudo Flaw Actively Exploited in Linux and Unix Systems — thehackernews.com — 30.09.2025 08:41
- CISA warns of critical Linux Sudo flaw exploited in attacks — www.bleepingcomputer.com — 30.09.2025 16:42
The flaw affects sudo versions 1.9.14 through 1.9.17.
First reported: 30.09.2025 16:42 (1 source, 1 article). Sources:
- CISA warns of critical Linux Sudo flaw exploited in attacks — www.bleepingcomputer.com — 30.09.2025 16:42
The vulnerability has received a critical severity score of 9.3 out of 10.
First reported: 30.09.2025 16:42 (1 source, 1 article). Sources:
- CISA warns of critical Linux Sudo flaw exploited in attacks — www.bleepingcomputer.com — 30.09.2025 16:42
The issue impacts the default sudo configuration and can be exploited without any predefined rules for the user.
First reported: 30.09.2025 16:42 (1 source, 1 article). Sources:
- CISA warns of critical Linux Sudo flaw exploited in attacks — www.bleepingcomputer.com — 30.09.2025 16:42
A proof-of-concept exploit for the CVE-2025-32463 flaw was released on July 4, 2025.
First reported: 30.09.2025 16:42 (1 source, 1 article). Sources:
- CISA warns of critical Linux Sudo flaw exploited in attacks — www.bleepingcomputer.com — 30.09.2025 16:42
Additional exploits have circulated publicly since July 1, 2025.
First reported: 30.09.2025 16:42 (1 source, 1 article). Sources:
- CISA warns of critical Linux Sudo flaw exploited in attacks — www.bleepingcomputer.com — 30.09.2025 16:42
Similar Happenings
Cisco IOS and IOS XE SNMP Zero-Day Exploited in Attacks
Cisco has released security updates to address a high-severity zero-day vulnerability (CVE-2025-20352) in Cisco IOS and IOS XE Software. The flaw is a stack-based buffer overflow in the Simple Network Management Protocol (SNMP) subsystem, actively exploited in attacks. This vulnerability allows authenticated, remote attackers to cause denial-of-service (DoS) conditions or gain root control of affected systems. The vulnerability impacts all devices with SNMP enabled, including specific Cisco devices running Meraki CS 17 and earlier. Cisco advises customers to upgrade to a fixed software release, specifically Cisco IOS XE Software Release 17.15.4a, to remediate the vulnerability. Temporary mitigation involves limiting SNMP access to trusted users and disabling the affected Object Identifiers (OIDs) on devices. Additionally, Cisco patched 13 other security vulnerabilities, including two with available proof-of-concept exploit code. Cisco also released patches for 14 vulnerabilities in IOS and IOS XE, including eight high-severity vulnerabilities. Proof-of-concept exploit code exists for two of the vulnerabilities, but exploitation is not confirmed. Three additional medium-severity bugs affect Cisco’s SD-WAN vEdge, Access Point, and Wireless Access Point (AP) software.
CISA Defunding and Dismantling Affects US Cyber Defense
The prolonged US federal government shutdown severely depletes federal cybersecurity capabilities, with CISA set to lose around 65% of its workforce. This disruption weakens US cyber defense capabilities, impacts threat intelligence sharing, and increases the risk of cyber-attacks. The shutdown also affects the National Institute of Standards and Technology (NIST), which retains just 34% of its workforce. The Cybersecurity Information Sharing Act of 2015 has expired, which further complicates the landscape, leaving companies exposed to potential lawsuits and weakening a key defense against cyber-attacks. The shutdown raises fears of increased cyber-attacks, including ransomware targeting critical infrastructure, and furloughed workers are expected to be targeted by various fraud and social engineering attacks. The defunding of CISA impacts the timely identification and mitigation of vulnerabilities, leaving organizations more exposed to cyber threats. The potential dismantling of CISA could lead to increased response times and delayed fixes for critical vulnerabilities. Without CISA, organizations may rely more on internal resources and collaboration within the cybersecurity community.
Critical deserialization flaw in DELMIA Apriso MOM actively exploited
A critical deserialization vulnerability in Dassault Systèmes DELMIA Apriso Manufacturing Operations Management (MOM) software (CVE-2025-5086) is actively exploited. The flaw, with a CVSS score of 9.0, affects versions from Release 2020 through Release 2025. The vulnerability allows for remote code execution (RCE) and has been exploited to deliver the Zapchast malware. DELMIA Apriso is used in production processes for digitalizing and monitoring, and is deployed in automotive, aerospace, electronics, high-tech, and industrial machinery divisions. The flaw is actively exploited via malicious SOAP requests to vulnerable endpoints, loading and executing a Base64-encoded, GZIP-compressed .NET executable embedded in the XML. The malicious requests were observed originating from the IP 156.244.33[.]162, likely associated with automated scans. CISA has added the flaw to its Known Exploited Vulnerabilities (KEV) catalog, and FCEB agencies are advised to apply updates by October 2, 2025.
Samsung patches zero-day vulnerability in libimagecodec.quram.so
Samsung has patched a critical remote code execution vulnerability (CVE-2025-21043) in its Android devices running Android 13, 14, 15, or 16. The flaw, discovered in the libimagecodec.quram.so library, was exploited in zero-day attacks targeting Samsung devices. The vulnerability allows attackers to execute arbitrary code remotely due to an out-of-bounds write weakness. Meta and WhatsApp reported the issue, which was also part of a broader exploit campaign involving Apple devices. The exploit was reported to Samsung on August 13, and the patch was released in the September 2025 Security Maintenance Release (SMR). The vulnerability affects Samsung devices using the vulnerable image parsing library, potentially impacting other instant messengers that rely on it.
Critical RADIUS Authentication Flaw in Cisco Secure Firewall Management Center
Cisco has disclosed and patched a critical vulnerability in the RADIUS subsystem of Secure Firewall Management Center (FMC) Software. The flaw, CVE-2025-20265, allows unauthenticated, remote attackers to execute arbitrary shell commands on affected systems. This vulnerability affects FMC Software versions 7.0.7 and 7.7.0 when RADIUS authentication is enabled for web-based management or SSH. The issue arises from improper handling of user input during the authentication phase, enabling attackers to inject malicious commands. Successful exploitation can lead to high-privilege command execution. There are no workarounds other than applying the provided patches. The flaw was discovered by Brandon Sakai during internal security testing. Cisco has also resolved several high-severity bugs in various products.